add t440 host

carjorvaz · Jul 27, 2023 · 6960c22 · 6960c22
1 parent 90f18c8
commit 6960c22
Show file tree

Hide file tree

Showing 4 changed files with 148 additions and 17 deletions.
diff --git a/hosts/t440.nix b/hosts/t440.nix
@@ -0,0 +1,82 @@
+{ config, modulesPath, lib, pkgs, suites, ... }:
+
+{
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]
+    ++ suites.t440;
+
+  boot.initrd.availableKernelModules =
+    [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "none";
+    fsType = "tmpfs";
+    options = [ "defaults" "size=2G" "mode=755" ];
+  };
+
+  fileSystems."/nix" = {
+    device = "zroot/local/nix";
+    fsType = "zfs";
+    options = [ "zfsutil" ];
+  };
+
+  fileSystems."/persist" = {
+    device = "zroot/safe/persist";
+    fsType = "zfs";
+    options = [ "zfsutil" ];
+    neededForBoot = true;
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/AA0B-CA9C";
+    fsType = "vfat";
+  };
+
+  environment.persistence."/persist" = {
+    hideMounts = true;
+    files = [ "/etc/machine-id" ];
+    directories = [ ];
+  };
+
+  boot.loader = {
+    efi.canTouchEfiVariables = true;
+    systemd-boot = {
+      enable = true;
+      editor = false;
+      configurationLimit = 10;
+    };
+  };
+
+  hardware = {
+    enableRedistributableFirmware = true;
+    cpu.intel.updateMicrocode = true;
+  };
+
+  services.logind.lidSwitch = "ignore";
+
+  networking.useDHCP = lib.mkDefault true;
+  networking.hostId = "65db7b8e";
+  # networking = {
+  #   useDHCP = false;
+  #   hostId = "65db7b8e";
+
+  #   interfaces.enp0s25 = {
+  #     useDHCP = false;
+  #     wakeOnLan.enable = true; # Requires enabling WoL in BIOS
+
+  #     ipv4.addresses = [{
+  #       address = "192.168.1.2";
+  #       prefixLength = 24;
+  #     }];
+  #   };
+
+  #   defaultGateway = "192.168.1.254";
+  # };
+
+  virtualisation.docker.storageDriver = "zfs";
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  system.stateVersion = "23.05";
+}
diff --git a/profiles/frigate.nix b/profiles/frigate.nix
@@ -0,0 +1,47 @@
+{ config, lib, pkgs, ... }:
+
+let domain = "frigate.vaz.ovh";
+in {
+  services = {
+    nginx.virtualHosts.${domain} = {
+      forceSSL = true;
+      useACMEHost = "vaz.ovh";
+    };
+
+    frigate = {
+      enable = true;
+      hostname = domain;
+      settings = {
+        cameras = {
+          # dahua = {};
+          hikvision = {
+            ffmpeg.inputs = [{
+              path = "rtsp://192.168.1.64/rtsp";
+              roles = [
+                "detect" # "rtmp"
+              ];
+            }];
+
+            detect = {
+              enabled = false;
+              width = 1280;
+              height = 720;
+            };
+          };
+        };
+      };
+    };
+  };
+
+  environment.persistence."/persist".directories = [
+    # "/var/lib/frigate"
+
+    # TODO confirmar
+    # "/media/frigate/clips"
+    # "/media/frigate/recordings"
+    # "/media/frigate/frigate.db"
+    # "/tmp/cache"
+    # "/dev/shm"
+    # "/config/config.yml"
+  ];
+}
diff --git a/secrets/ovh.age b/secrets/ovh.age
@@ -1,15 +1,15 @@
 age-encryption.org/v1
--> ssh-ed25519 QMCC3g eUHzkzoe8FEpqvYOoculNoKJGGsgiqKZoo8K/VI3lHE
-3lwd3o3ti5ZjSji1ZrCNrMpzcnIYLRW0UYvs480KI0Y
--> ssh-ed25519 xXho5w WKbZUN1KhRR7lT0qXCvvR54+YKJiEC0HB1yLzvXXjHo
-IntbvrLOVs6ir3tQtSRUdARwCuv4+NcrdEtErzyrZ14
--> ssh-ed25519 LUbSww LgAKVhpolyicJf6p4SE4Ohijg1ffWu9bHV/wPnHMImo
-zitCfHqRrI+cq+mx8A92w5FoMclZhph/AZbN1aGkaWA
--> ssh-ed25519 N1URCg JjZO7alFIV4jE5auy0T+PyoCoMkz4gGNWO/aKKfbZyU
-97C5EdoEx4Z7Abzz9I5KwRD7I4mIK/Tv46tXoGYHIDk
--> ('|e-grease
-Eyas/pioyeC/jRzewlloBmZJjAW4f9loT/UKt0zSYgI2T8ZTTA3CoUaimieEghJy
-Ura2tE7oB2oRz37WBX7tLi8
---- 96lVYnwtGbOUVc34wJwdfluuled3PQpsJRgpyWaA/Mw
-"��C&��?��IEb[�Ӂ6��r��b�<ǉ�3Ko{n�_oԍ���������-�/��Z*#g#_�3��h|;7���=	�}�b����4�5a��ͦr�@���֑]�LRSEk���{?����
-Z-������E5�W��|�{o7?�־y���#�k]D�pT�����y��f�w�H�L�\�
+-> ssh-ed25519 xXho5w dcdHpHoEwmd2e1R1OWx4L2gXswmMTKw7+FSC6Q700AI
+UPzcw6sjk787YZn8B2HgYHdkQ+rZTVny5v8RSISqu44
+-> ssh-ed25519 LUbSww cna4J9ybnlNWiAmU03UA4dQn3JlG4p/sSoxMYEqLy1k
+hT8XiDJ9TqKa1rTUSrd4Pa2KVeNi99FWjfzwOZqiFG4
+-> ssh-ed25519 N1URCg Wqp4bSITBxS5ijU90uFiBBu8AdFQ/UYViyDbiSPh7H8
+813yhsqlw0xD+ndCfZYqf4g7C6v9dzxXdzJmw6UEQKo
+-> ssh-ed25519 I8G6aQ E1WPRStPsahRqYkmG/Z5SzjaUXp2muxdAnZHKdXkLyY
+R5xTjxMqY74yfG/5J4JIMh0DfMlmRt5IyR5XayWgXww
+-> 8z^k%J-grease
+wFRc5soM9sN59zMAA/JYFd/AN2qn8pReG2rn0yU
+--- B2RPTazuO1uvRBLakG/8r+jjucsptNLl482cLHBMoEE
+l�S�I4�B�������.��Ame�M����Z�:�"a�~�A���r��U�E��7������Ũ���$Δ�!����-j�!pZW�=2ُR��R�'#Bb�3� \��U_=�a�!�L���y�������[BU����'���	���T�,�0�A����<տ
+C
+�sl�`�w�fQ��~��D�<y4

diff --git a/secrets/secrets.nix b/secrets/secrets.nix
@@ -3,7 +3,9 @@ let
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKAJul712iSthWHXLAgBh38x4lpjXgsTd2KzlP5Jnf55 root@commodus  ";
   hadrianusSystem =
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFI1Mcb4pU6+2ZCmS5wBJqb4oLZdcSxryvTOUf9ZLxIU root@hadrianus";
-  systems = [ commodusSystem hadrianusSystem ];
+  t440System =
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII6+gZmLDcxvCaiXj1grZEltbsfe0u0f5UKDTnDdIsoZ root@t440";
+  systems = [ commodusSystem hadrianusSystem t440System ];
 
   commodusUser =
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP1OS3cOxw5+wleeTybg0sWE2z0pCj007rUO3kQHSVJ7 cjv@commodu  ";
@@ -13,6 +15,6 @@ in {
   "mailMafaldaHashedPassword.age".publicKeys = [ commodusUser hadrianusSystem ];
   "nextcloud-db-pass.age".publicKeys = [ commodusSystem commodusUser ];
   "nextcloud-admin-pass.age".publicKeys = [ commodusSystem commodusUser ];
-  "ovh.age".publicKeys = [ commodusSystem commodusUser hadrianusSystem ];
-
+  "ovh.age".publicKeys =
+    [ commodusSystem commodusUser hadrianusSystem t440System ];
 }